Cybersecurity Infrastructure Engineer

We are seeking a highly skilled Cybersecurity Infrastructure Engineer to join our team at Microsoft. As a key member of our Global Customer Success organization, you will play a critical role in helping our customers achieve their cybersecurity goals.

• Technical Delivery
  • Assist our top customers with threat containment and recovery efforts, prioritizing adversary containment and recovery across multiple workstreams.
  • Develop and execute recovery plans in response to large-scale impactful incidents involving ransomware and destructive adversarial campaigns.
  • Deploy forensic collection tooling across complex environments and identify potential threats to enable proactive defense.
  • Provide recommendations to improve cybersecurity posture and perform knowledge transfer to prepare customers to defend against today's threat landscape.
• Research
  • Conduct research, analysis, and summarization of security threats and response capabilities, sharing findings across the team.
  • Identify, conduct, and support others in conducting research into critical security areas, such as current attacks, adversary tracking, and academic literature.
  • Create and document new solutions to mitigate security issues and recommend prioritization and validation methods for technical indicators.
  • Develop tools to automate analyses and lead efforts to clean, structure, and standardize data and data sources.
• Thought Leadership
  • Develop written content for publication on Microsoft blog platforms and create presentations for delivery at internal and external conferences.
  • Use unique experiences of Microsoft Incident Response to create compelling storytelling moments.
• Operational Excellence
  • Complete operational tasks and readiness with timeliness and accuracy, following Microsoft policies, compliance, and procedures.
  • Lead by example and guide team members on operational tasks, readiness, and compliance.

• 5+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection, or a Master's Degree in Statistics, Mathematics, Computer Science, or a related field.
• 3+ years of experience with threat actor containment during an incident, rapid recovery of critical infrastructure, and eviction of a threat actor after an investigation.
• 3+ years of experience with Active Directory and associated components, including Kerberos, NTLM, Group Policy, Backup and Disaster Recovery, DNS, and AD tiering models.
• Proficiency in one or more query languages, such as KQL, SPL, SQL, etc.
• Fluent in reading, writing, and speaking English.

• 6+ years of experience in software development lifecycle, large-scale computing, modeling, cybersecurity, and/or anomaly detection, or a Doctorate in Statistics, Mathematics, Computer Science, or a related field.
• Experience in PowerShell and bash scripting, as well as third-party security products, including Splunk, CrowdStrike Falcon, QRadar, etc.
• Experience with Microsoft Public Key Infrastructure (PKI) implementations, Active Directory Federation Services (AD FS), and understanding of the Linux and MacOS platforms.
• Experience with two or more of Microsoft's portfolio of Artificial Intelligence (AI) products, such as Security Copilot, Bing Copilot, GitHub Copilot, Office Copilot, and Windows Copilot.
• Understanding of DevOps concepts, including Version Control, Infrastructure as code, CI/CD Pipelines, Frameworks, Configuration Management, and Continuous Monitoring.
• Experience with management of virtualization platforms, such as Hyper-V, VMware, etc., and IP network management, including routing, firewalls, access control lists, DHCP, packet analysis, and troubleshooting network traffic flow.